[148198] in cryptography@c2.net mail archive
Re: [Cryptography] Moving forward on improving HTTP's security
daemon@ATHENA.MIT.EDU (Bear)
Tue Nov 19 23:39:45 2013
X-Original-To: cryptography@metzdowd.com
From: Bear <bear@sonic.net>
To: cryptography@metzdowd.com
Date: Tue, 19 Nov 2013 19:52:39 -0800
In-Reply-To: <CAMm+LwjWTq8To6-Zz9VXJWRr_O=pR_-sPPeXxSZ+4rK_UxpDSQ@mail.gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Mon, 2013-11-18 at 20:08 -0500, Phillip Hallam-Baker wrote:
>
> I would like to see transparency in crypto hardware too. There was a
> side meeting on this in Vancouver. But it is a very hard problem.
>
>
> Yes we can take a Raspberry Pi and run Linux on it from a distribution
> with a known fingerprint. But that still leaves us with a half million
> lines of code to wade through.

True. Still, the fact that something *IS* a cryptography device
makes the manufacturer a target for anyone who wants to subvert
security, and all manufacturers are located in and subject to the
demands of countries. Countries have an interest in subverting
security. Therefore such devices simply cannot be trusted unless you
build them yourself, with off-the-shelf parts whose manufacturer
has no idea that you're going to assemble a cryptographic device.

Honestly, I think the best we can do for secure crypto devices is
to develop and publish schematics and parts shopping guides for
build-your-own kits. Along with parts testing guides and software
so you can be absolutely sure each component of the device is doing
exactly what it's supposed to do.

Bear